Lucene search
+L
CvelistRecent

367610 matches found

Cvelist
Cvelist
•added 53 minutes ago•3 views

CVE-2026-64186 iommu/amd: Remove latent out-of-bounds access in IOMMU debugfs

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Remove latent out-of-bounds access in IOMMU debugfs In iommummiowrite and iommucapabilitywrite, the variables dbgmmiooffset and dbgcapoffset are declared as int. However, they are populated using kstrtou32fromuser. If ...

Exploits0References3
Cvelist
Cvelist
•added 54 minutes ago•2 views

CVE-2026-64185 sysfs: don't remove existing directory on update failure

In the Linux kernel, the following vulnerability has been resolved: sysfs: don't remove existing directory on update failure When sysfsupdategroup is called for a named group and createfiles fails e.g. -ENOMEM, internalcreategroup calls kernfsremovekn on the group directory. In the update path, k...

Exploits0References8
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64184 mm/damon/sysfs-schemes: call missing mem_cgroup_iter_break()

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: call missing memcgroupiterbreak damonsysfsmemcgpathtoid breaks memcgroupiter loop without calling memcgroupiterbreak. This leaks the cgroup reference. Fix the issue by calling memcgroupiterbreak before the...

Exploits0References5
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64182 drivers/base/memory: fix memory block reference leak in poison accounting

In the Linux kernel, the following vulnerability has been resolved: drivers/base/memory: fix memory block reference leak in poison accounting memblknrpoisoninc and memblknrpoisonsub look up a memory block via findmemoryblockbyid, which acquires a reference to the memory block device. Both helpers...

Exploits0References5
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64183 efi: Allocate runtime workqueue before ACPI init

In the Linux kernel, the following vulnerability has been resolved: efi: Allocate runtime workqueue before ACPI init Since commit 5894cf571e14 "acpi/prmt: Use EFI runtime sandbox to invoke PRM handlers" ACPI PRM calls are delegated to a workqueue which runs in a kernel thread, making it easier to...

Exploits0References5
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64181 mm: fix __vm_normal_page() to handle missing support for pmd_special()/pud_special()

In the Linux kernel, the following vulnerability has been resolved: mm: fix vmnormalpage to handle missing support for pmdspecial/pudspecial On x86 32-bit with THP enabled, zaphugepmd is seen to generate a "WARNING: mm/memory.c:735 at vmnormalpage+0x6a/0x7d", from the VMWARNONONCEiszeropfnpfn ||...

Exploits0References3
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64179 net: wwan: iosm: fix potential memory leaks in ipc_imem_init()

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix potential memory leaks in ipcimeminit The memory allocated in ipcprotocolinit is not freed on the error paths that follow in ipcimeminit. Fix that by calling the corresponding release function ipcprotocoldein...

Exploits0References7
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64180 mm/memory_hotplug: fix memory block reference leak on remove

In the Linux kernel, the following vulnerability has been resolved: mm/memoryhotplug: fix memory block reference leak on remove Patch series "mm: Fix memory block leaks and locking", v2. This series fixes two memory block device reference leaks and one locking issue around the per-memoryblock...

Exploits0References4
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64178 Bluetooth: bnep: Fix UAF read of dev->name

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: Fix UAF read of dev-name bnepaddconnection needs to keep holding the bnepsessionsem while reading dev-name just like bnepgetconnlist does; otherwise the bnepsession thread can concurrently free the netdevice, whi...

Exploits0References8
Cvelist
Cvelist
•added 54 minutes ago•4 views

CVE-2026-64177 phonet/pep: disable BH around forwarded sk_receive_skb()

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: disable BH around forwarded skreceiveskb The networking receive path is usually run from softirq context, but protocols that take the socket lock may have packets stored in the backlog and processed later from process...

Exploits0References8
Cvelist
Cvelist
•added 54 minutes ago•4 views

CVE-2026-64175 wifi: iwlwifi: mld: stop TX during firmware restart

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: stop TX during firmware restart When iwlwifi firmware crashes e.g., NMIINTERRUPTUNKNOWN on Intel BE201/Wi-Fi 7, iwlmldnicerror sets mld-fwstatus.inhwrestart to true. However, iwlmldtxfromtxq does not check thi...

Exploits0References3
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64176 wifi: iwlwifi: mvm: fix driver-set TX rates on old devices

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix driver-set TX rates on old devices On old devices such as 7265D, rates are still encoded in version 1 format, which doesn't use the CCK/OFDM rate index 0-3/0-7 but rather their PLCP value e.g. 10 for 1 Mbp...

Exploits0References3
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64174 wifi: cfg80211: advance loop vars in cfg80211_merge_profile()

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: advance loop vars in cfg80211mergeprofile cfg80211mergeprofile reassembles a Multi-BSSID non-transmitted BSS profile that has been split across multiple consecutive MBSSID elements. Its while-loop calls...

Exploits0References8
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64173 tracing: Do not call map->ops->elt_free() if elt_alloc() fails

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not call map-ops-eltfree if eltalloc fails In paths where tracingmapeltalloc failed to allocate objects, the map-ops-eltalloc call was never successful. In this case, map-ops-eltfree should not be called...

Exploits0References8
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64172 KVM: SVM: Disable AVIC IPI virtualization on Hygon Family 18h (erratum #1235)

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Disable AVIC IPI virtualization on Hygon Family 18h erratum 1235 Hygon Family 18h CPUs are derived from AMD Family 17h Zen1 silicon and share the same erratum 1235: hardware may read a stale IsRunning=1 bit during ICR...

Exploits0References3
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64171 i2c: tegra: fix pm_runtime leak on mutex_lock failure

In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: fix pmruntime leak on mutexlock failure If tegrai2cmutexlock fails, the function returns without calling pmruntimeput, leaking the runtime PM reference acquired by the preceding pmruntimegetsync. This prevents the...

Exploits0References2
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64169 spi: ep93xx: fix error pointer deref after DMA setup failure

In the Linux kernel, the following vulnerability has been resolved: spi: ep93xx: fix error pointer deref after DMA setup failure The driver falls back to PIO mode if DMA setup fails during probe. Make sure to the clear the DMA channel pointers on setup failure to avoid dereferencing an error...

Exploits0References4
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64170 spi: qup: fix error pointer deref after DMA setup failure

In the Linux kernel, the following vulnerability has been resolved: spi: qup: fix error pointer deref after DMA setup failure The driver falls back to PIO mode if DMA setup fails during probe. Make sure to the clear the DMA channel pointers on setup failure to avoid dereferencing an error pointer...

Exploits0References8
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64167 kho: skip KHO for crash kernel

In the Linux kernel, the following vulnerability has been resolved: kho: skip KHO for crash kernel khofillkimage unconditionally populates the kimage with KHO metadata for every kexec image type. When the image is a crash kernel, this can be problematic as the crash kernel can run in a small...

Exploits0References2
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64168 spi: sprd: fix error pointer deref after DMA setup failure

In the Linux kernel, the following vulnerability has been resolved: spi: sprd: fix error pointer deref after DMA setup failure The driver falls back to PIO mode if DMA setup fails during probe. Make sure to check the dma.enabled flag before trying to release the DMA channels also on late probe...

Exploits0References8
Cvelist
Cvelist
•added 54 minutes ago•4 views

CVE-2026-64166 firmware: arm_ffa: Check for NULL FF-A ID table while driver registration

In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Check for NULL FF-A ID table while driver registration The bus match callback assumes that every FF-A driver provides an idtable and dereferences it unconditionally. Enforce that contract at registration time so...

Exploits0References7
Cvelist
Cvelist
•added 54 minutes ago•4 views

CVE-2026-64165 ARM: integrator: Fix early initialization

In the Linux kernel, the following vulnerability has been resolved: ARM: integrator: Fix early initialization Starting with commit bdb249fce9ad4 "ARM: integrator: read counter using syscon/regmap", intcpinitearly calls sysconregmaplookupbycompatible which in turn calls ofsysconregister. This...

Exploits0References8
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64164 btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file()

In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: fix sleep while in atomic context in btrfssyncfile The trace event btrfssyncfile is called in an atomic context all trace events are and its call to dput, which is needed due to the call to dgetparent, can...

Exploits0References8
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64163 test_kprobes: clear kprobes between test runs

In the Linux kernel, the following vulnerability has been resolved: testkprobes: clear kprobes between test runs Running the kprobes sanity tests twice makes all tests fail and eventually crashes the kernel. root@martin-riscv-1 echo 1 /sys/kernel/debug/kunit/kprobestest/run ... Totals: pass:5...

Exploits0References5
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64162 idpf: fix read_dev_clk_lock spinlock init in idpf_ptp_init()

In the Linux kernel, the following vulnerability has been resolved: idpf: fix readdevclklock spinlock init in idpfptpinit In idpfptpinit, readdevclklock is initialized after ptpscheduleworker had already been called and after idpfptpsettime64 could reach the lock. The PTP aux worker fires...

Exploits0References3
Cvelist
Cvelist
•added 54 minutes ago•2 views

CVE-2026-64161 net: ti: icssm-prueth: fix eth_ports_node leak in probe

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssm-prueth: fix ethportsnode leak in probe The error path on ofpropertyreadu32 failure inside icssmpruethprobe returns without putting ethportsnode, which was acquired before the foreachchildofnode loop. Drop it before...

Exploits0References3
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64160 netfs: Fix potential for tearing in ->remote_i_size and ->zero_point

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix potential for tearing in -remoteisize and -zeropoint Fix potential tearing in using -remoteisize and -zeropoint by copying isizeread and isizewrite and using the same seqcount as for isize. We need to make sure that...

Exploits0References2
Cvelist
Cvelist
•added 54 minutes ago•4 views

CVE-2026-64159 netfs: Fix zeropoint update where i_size > remote_i_size

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix zeropoint update where isize remoteisize Fix the update of the zero point by netfsreleasefolio when there is uncommitted data in the pagecache beyond the folio being released but the on-server EOF is in this folio ie...

Exploits0References2
Cvelist
Cvelist
•added 54 minutes ago•4 views

CVE-2026-64158 netfs: Fix write streaming disablement if fd open O_RDWR

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix write streaming disablement if fd open ORDWR In netfsperformwrite, "write streaming" the caching of dirty data in dirty but !uptodate folios is performed to avoid the need to read data that is just going to get...

Exploits0References4
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64156 netfs, afs: Fix write skipping in dir/link writepages

In the Linux kernel, the following vulnerability has been resolved: netfs, afs: Fix write skipping in dir/link writepages Fix netfswritesingle and afssinglewritepages to better handle a write that would be skipped due to lock contention and WBSYNCNONE by returning 1 from netfswritesingle if it...

Exploits0References3
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64157 netfs: Fix partial invalidation of streaming-write folio

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix partial invalidation of streaming-write folio In netfsinvalidatefolio, if the region of a partial invalidation overlaps the front but not all of a dirty write cached in a streaming write page dirty, but not uptodate,...

Exploits0References4
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64155 wifi: ath11k: fix error path leaks in some WMI WOW calls

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix error path leaks in some WMI WOW calls Fix two instances where we used to directly return the result of ath11kwmicmdsend.... Because we did not check the return value, we also did not free the skb in the error...

Exploits0References7
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64153 drm/msm: Fix iommu_map_sgtable() return value check and avoid WARN

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix iommumapsgtable return value check and avoid WARN Commit "iommu: return full error code from iommumapsgatomic" changed iommumapsgtable to return an ssizet and negative values in error cases, rather than a sizet and a...

Exploits0References7
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64154 drm/msm/adreno: Fix a reference leak in a6xx_gpu_init()

In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Fix a reference leak in a6xxgpuinit In a6xxgpuinit, node is obtained via ofparsephandle. While there was a manual ofnodeput at the end of the common path, several early error returns would bypass this call,...

Exploits0References2
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64152 iommu: Handle unmap error when iommu_debug is enabled

In the Linux kernel, the following vulnerability has been resolved: iommu: Handle unmap error when iommudebug is enabled Sashiko noticed a latent bug where the map error flow called iommuunmap which calls iommudebugunmapbegin/iommudebugunmapend however since this is an error path the map flow nev...

Exploits0References2
Cvelist
Cvelist
•added 54 minutes ago•4 views

CVE-2026-64150 netfilter: nft_inner: release local_lock before re-enabling softirqs

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftinner: release locallock before re-enabling softirqs Quoting sashiko: In the error path, localbhenable is called before localunlocknestedbh...

Exploits0References3
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64151 iommupt: Check for missing PAGE_SIZE in the pgsize_bitmap

In the Linux kernel, the following vulnerability has been resolved: iommupt: Check for missing PAGESIZE in the pgsizebitmap Sashiko pointed out that the driver could drop PAGESIZE from the pgsizebitmap. That is technically allowed but nothing does it, and such an iommudomain would not be used wit...

Exploits0References2
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64149 dma-mapping: move dma_map_resource() sanity check into debug code

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: move dmamapresource sanity check into debug code dmamapresource uses pfnvalid to ensure the range is not RAM. However, pfnvalid only checks for availability of the memory map for a PFN but it does not ensure that the...

Exploits0References3
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64147 pds_core: fix debugfs_lookup dentry leak and error handling

In the Linux kernel, the following vulnerability has been resolved: pdscore: fix debugfslookup dentry leak and error handling debugfslookup returns a dentry with an elevated reference count that must be released with dput. The current code discards the returned dentry without calling dput, causin...

Exploits0References5
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64148 pds_core: fix error handling in pdsc_devcmd_wait

In the Linux kernel, the following vulnerability has been resolved: pdscore: fix error handling in pdscdevcmdwait Fix two cases where pdscdevcmdwait returns stale success from the completion register instead of an error: 1. FW crash: If firmware stops running, the wait loop breaks early with...

Exploits0References5
Cvelist
Cvelist
•added 54 minutes ago•4 views

CVE-2026-64146 erofs: fix metabuf leak in inode xattr initialization

In the Linux kernel, the following vulnerability has been resolved: erofs: fix metabuf leak in inode xattr initialization commit bb88e8da0025 "erofs: use meta buffers for xattr operations" converted xattr operations to use on-stack erofsbuf instances. erofsinitinodexattrs uses such a metabuf whil...

Exploits0References2
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64144 Bluetooth: btmtk: fix urb->setup_packet leak in error paths

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: fix urb-setuppacket leak in error paths The setuppacket of control urb is not freed if usbsubmiturb fails or the submitted urb is killed. Add free in these two paths...

Exploits0References5
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64145 wifi: wilc1000: fix dma_buffer leak on bus acquire failure

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix dmabuffer leak on bus acquire failure wilcwlanfirmwaredownload allocates dmabuffer with kmalloc at the top of the function and uses a 'fail:' label to free it via kfreedmabuffer on error. All later error paths...

Exploits0References3
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64143 platform/x86: uniwill-laptop: Do not enable the charging limit even when forced

In the Linux kernel, the following vulnerability has been resolved: platform/x86: uniwill-laptop: Do not enable the charging limit even when forced It seems that on some older models 2020 the battery charging limit can permanently damage the battery. Prevent users from enabling this feature thru...

Exploits0References2
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64142 ksmbd: close durable scavenger races against m_fp_list lookups

In the Linux kernel, the following vulnerability has been resolved: ksmbd: close durable scavenger races against mfplist lookups ksmbddurablescavenger has two related races against any walker that iterates fci-mfplist, including ksmbdlookupfdinode used by ksmbdvfsrename and the share-mode checks ...

Exploits0References5
Cvelist
Cvelist
•added 54 minutes ago•4 views

CVE-2026-64140 ksmbd: fix null pointer dereference in proc_show_files()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in procshowfiles When a SMB2 client opens a file with a durable v2 handle and then issues SMB2 SESSIONLOGOFF, sessionfdcheck clears fp-tcon = NULL on the reconnectable file pointer but leaves t...

Exploits0References2
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64141 ksmbd: fix null pointer dereference in compare_guid_key()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in compareguidkey sessionfdcheck walks the per-inode moplist during durable-handle session teardown and sets op-conn = NULL for every opinfo whose conn matched the closing session's connection...

Exploits0References5
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64139 ksmbd: fix SID memory leak in set_posix_acl_entries_dacl() on overflow

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix SID memory leak in setposixaclentriesdacl on overflow Commit 299f962c0b02 "ksmbd: use checkaddoverflow to prevent u16 DACL size overflow" added checkaddoverflow guards that break out of the ACE-building loops in...

Exploits0References5
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64137 smb: client: require net admin for CIFS SWN netlink

In the Linux kernel, the following vulnerability has been resolved: smb: client: require net admin for CIFS SWN netlink CIFSGENLCMDSWNNOTIFY is the userspace witness-notify command. The intended sender is the cifs.witness helper, but the generic-netlink operation currently has no capability flag,...

Exploits0References7
Cvelist
Cvelist
•added 54 minutes ago•3 views

CVE-2026-64138 ksmbd: validate SID in parent security descriptor during ACL inheritance

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate SID in parent security descriptor during ACL inheritance Introduce smbvalidatentsdsid helper to safely validate Owner SID and Group SID inside the NT Security Descriptor smbntsd retrieved from the parent directory...

Exploits0References4
Total number of security vulnerabilities367610